Privacy Policy
Last Updated: June 15, 2025
1. Introduction
Welcome to Tymira Health. Your privacy is a top priority for us. This Privacy Policy outlines how Tymira Health Limited ("we," "our," or "us") collects, uses, processes, shares, and protects your personal and health information. We are committed to safeguarding your data in compliance with applicable data protection laws, including Kenya"s Data Protection Act, 2019.
This policy applies to all our platforms and services, including the Tymira360 practice management system, our patient-facing portals, our websites, and any other interactions you have with us.
2. The Information We Collect
We collect information that is necessary to provide our services effectively. This information is categorized as follows:
Personal and Contact Information:
Your full name, postal address, email address, phone number, date of birth, gender, and national identification details where required for insurance or verification.
Sensitive Personal Data (Health & Medical Information):
• Medical history, treatment plans, diagnostic images (e.g., X-rays), prescriptions, and consultation notes entered by you or your healthcare provider.
• Appointment history and details of services you have received.
• Information from health-related questionnaires and patient intake forms.
• Family Health Information: With your explicit consent, information you provide for our Family Tree feature to identify hereditary conditions or allergies.
Financial Information:
Payment card details, mobile money information (e.g., M-Pesa), billing address, transaction history, and insurance policy details for processing payments and claims.
Technical and Usage Information:
• Internet Protocol (IP) addresses, browser type and version, device information, and operating system.
• Data on how you interact with our services, such as feature usage, session activity, and clickstream data, collected via cookies and similar technologies.
Communications and Support Data:
Feedback, survey responses, and records of your communications with our support team.
3. How We Collect Your Information
• Directly from You: When you register for an account, book an appointment through our portals, fill out a medical history form, or communicate with us.
• From Your Healthcare Provider: Your doctor, dentist, therapist, or clinic staff will enter your health information into the Tymira360 platform as part of providing you with care.
• Automatically: When you use our website or applications, we automatically collect technical data using cookies and other tracking technologies.
• From Other Third Parties: With your consent, we may receive information from your insurance provider for claims processing or from other healthcare facilities involved in your care.
4. How We Use Your Data
We use your Personal Data for the following purposes, based on a legal foundation:
To Provide and Manage Our Services (Contractual Necessity):
• Facilitating telehealth consultations, managing your health records via the Patient and Family Portals, and enabling communication between you and your provider.
• Processing payments, managing billing, and submitting insurance claims.
To Improve Our Services (Legitimate Interest):
• We may use anonymized and aggregated data for research and development to enhance our platform, including improving the accuracy of our AI-driven diagnostic and predictive tools. Your personal identity is always removed.
• Analyzing usage trends to optimize user experience and develop new features.
To Communicate With You (Consent & Legitimate Interest):
• Sending important updates about our services, appointment reminders, and follow-up care instructions.
• Sending newsletters and promotional content, from which you can opt-out at any time.
To Comply with Legal Obligations:
• Ensuring compliance with healthcare regulations, legal proceedings, or lawful government requests. Storing medical records as required by law.
5. How We Share the Personal Data We Collect
Your trust is paramount. We do not rent or sell your Personal Data. We may disclose your data only in the following circumstances:
• Healthcare Providers: Your Personal Data and Health Data are visible to the healthcare providers you choose to consult with through the Tymira360 platform. By initiating a consultation, you consent to this sharing for the purpose of your care.
• Vendors and Service Providers: We share data with trusted third parties who perform services on our behalf, such as payment processors and cloud hosting providers. They are bound by strict confidentiality and data protection agreements.
• Analytics Partners: We may share De-Identified Data with partners to help us analyze usage patterns and improve our services.
• As Required by Law: We may disclose Personal Data if required by law, a court order, or a legitimate government request.
• Mergers and Asset Transfers: In the event of a merger, acquisition, or sale of assets, your Personal Data may be transferred to the new entity but will remain subject to the protections of this Privacy Policy.
6. International Data Transfers
Tymira Health operates across Africa. Your information may be transferred to and stored on secure servers in countries other than your country of residence. We take all appropriate measures to ensure your data is protected in accordance with this Privacy Policy and applicable data protection laws, such as the Kenya DPA, 2019.
7. Data Security, Integrity, and Retention
• Data Security: We use commercially reasonable and robust technical, administrative, and physical safeguards to protect your Personal Data. This includes end-to-end encryption, secure cloud infrastructure, and strict access controls.
• Data Retention: We retain your Personal Data only for as long as necessary to fulfill the purposes outlined in this policy, or as required by law for maintaining medical records.
8. Our Policy Concerning Children
Our services are not intended for unsupervised use by individuals under the age of 18. Data for minors must be managed through an account set up by a parent or legal guardian, with their explicit consent. If we become aware of having collected data from a minor without such consent, we will take immediate steps to delete it.
9. Your Privacy Rights and Choices
In line with the Kenya Data Protection Act, you have the right to:
• Access Your Data: Request a copy of the Personal Data we hold about you.
• Rectify Your Data: Correct any information that is inaccurate or incomplete.
• Request Erasure (Right to be Forgotten): Ask for your data to be deleted, subject to legal requirements for record-keeping.
• Restrict Processing: Limit how we process your Personal Data in certain circumstances.
• Data Portability: Request that your data be transferred to another organization.
• Object to Processing: Object to our use of your data for certain purposes (like direct marketing).
• Withdraw Consent: You can unsubscribe from marketing communications at any time via the link in the emails.
To exercise any of these rights, please contact our Data Protection Officer at the address below.
10. Breach/Privacy Violation
In the event of a data breach that is likely to pose a risk to your rights and freedoms, we shall notify the relevant regulatory authorities and inform you of the breach in accordance with the law.
11. Changes to This Policy
We may update this Privacy Policy periodically. We will post the updated version on our website with a new "Last Updated" date. Your continued use of our services after such updates constitutes your acceptance of the new policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or your data, please contact our Data Protection Officer: